As web3, digital tokens, and cryptocurrency concepts become mainstream, more people are in danger of getting scammed while looking for a quick buck.
Consumers lost at least $14 billion in cryptocurrency last year. According to recent Proofpoint research, crypto-based scams or attacks do not require sophisticated tools.
"Common techniques observed when targeting cryptocurrency over email include credential harvesting, cryptocurrency transfer solicitation like BEC, and the use of basic malware stealers that target cryptocurrency credentials," the research reads.
Crypto, it argues, has become a mainstream idea. As major companies like Coca-Cola, auction houses like Sotheby's, and sports teams like Formula 1 engage in blockchain campaigns, more people will likely encounter threat actors, who will be trying to entice them to be a part of the next big thing.
"Users should be aware of common social engineering and exploitation mechanisms used by threat actors aiming to steal cryptocurrencies," Proofpoint said in its detailed overview of the common attack scenarios.
Threat actors regularly attempt to compromise cryptocurrency wallets using credential harvesting. In one example, scammers tried to lure victims into clicking on a malicious link by saying that one of the cryptocurrency exchanges experienced a data breach. Once users clicked to set up a new password, they were redirected to the credential harvesting landing page.
Criminals often impersonate Binance, Celo, and Trust Wallet, among other popular services, to set up a trap for unsuspecting victims.
Proofpoint also observed scammers using business email compromise (BEC) schemes to dry victims' wallets. By impersonating someone an employee knows, criminals are attempting to deceive users into willingly transferring funds from their account.
"Proofpoint also regularly observes donation fraud attempting to steal cryptocurrency. Recently, researchers have observed millions of BEC threats leveraging the Russian invasion of Ukraine and donations to support the Ukraine war effort or Ukrainian people as lure themes to solicit cryptocurrency," the company said.
Criminals also send phishing emails to install malware that could steal cryptocurrency. So-called infostealers exfiltrate information, including logging keystrokes, taking screenshots, conducting network reconnaissance, and stealing other sensitive data from an infected machine.
"Threat actors are way ahead of the general adoption of cryptocurrency, with existing infrastructure and ecosystems long-established for stealing and using it," Proofpoint warned.
Your email address will not be published. Required fields are markedmarked